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FOR INFORMATION OF LEGAT CANBERRA, IN NOVEMBER 1991, 
SYSTEMS ADMINISTRATOR FOR THE CRAY SUPERCOMPUTER AT THE 
NUMERICAL AERODYNAMIC SIMULATION (NAS) FACILITY AT NASA AMES 
RESEARCH CENTER (NARC), ADVISED THAT INTRUSIONS HAD BEEN MADE 
INTO THE "FRONT-END" COMPUTERS SUPPORTING THE CRAY, THE NAS 
IS DEVOTED TO RESEARCH ON CRITICAL TECHNOLOGIES, MAINLY IN THE 
AREA OF HIGH+MACH 3D WIND TUNNEL SIMULATIONS. THE SUBJECT 
GAINED ENTRY INTO THE NASA SYSTEMS, AND INSERTED A "TROJAN 
HORSE" PROGRAM. FR [HIS TROJAN HORSE, THE HACKER WAS ABLE 
TO BEGIN CRACKING PASSWORDS ON THE CRAY SYSTEM. AS A RESULT 
OF THIS ACTIVITY, NASA WAS FORCED TO SHUT DOWN THE FRONT-END 
COMPUTERS AT THE NAS FOR AN ENTIRE WEEK, WHILE SYSTEMS WERE 
RE-BOOTED AND RELOADED WITH CLEAN SYSTEM FILES. ADDITIONALLY, 
PASSWORDS ON THE SYSTEM HAD TO BE CHANGED. THE TOTAL LOSS WAS 
ESTIMATED AT BETWEEN 57,000 AND 500,000 DOLLARS, DEPENDING ON 
VALUATIONS OF SERVICES EXPENDED. 

A REVIEW OF SYSTEM LOGS AND OTHER DOCUMENTATION SUPPLIED 
BY m{ | NAVAL RESEARCH LABORATORY (NRL), VIRGINIA, 
REVEALED A SYSTEMATIC SERIES OF ATTACKS ON NAS COMPUTERS 
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SITES IN AND AROUND SIDNEY, AUSTRALIA. THE MEDIUM OF ATTACK 
HAS BEEN INTRUSION AND MANIPULATION OF NAS FILES VIA THE 
INTERNET. THE INTERNET IS A VAST NETWORKING SYSTEM COMPRISED 
OF OVER 2000 SEPARATE COMPUTER NETWORKS WORLDWIDE, AND 8 
MILLION KNOWN USERS. EACH SUB-NETWORK WITHIN THIS STRUCTURE 
SUPPORTS AN AVERAGE OF THIRTY COMPUTERS, SOME OF WHICH ARE 
DEDICATED TO ALL PHASES OF SCIENTIFIC RESEARCH. THE INTERNET 
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Washington Metropolitan Field Office 
The National Computer Crimes Squad 
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Computer Crime Squad 
Federal Bureau of Investigation 
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Fill in below with Yes (XY), No (N), or Unknown (TU): 


L Is a federal government computer af affected? 
; Department/Agency: | 4/4, 1A 
. v Is a federal interest computer affected? yy, | 
° Victim institution: SH4 wr 


y ..Does "the offense involve a telecommmications network? 


Is (former) employee suspected? 
Is the method of intrusion known? 


. . Is the system still vulnerable? ) 
is the intrusion continuing? (2 (Bor fahlorg 
National Security Issues: 


Does agency/institution computers contain classified information? 
Was classified information compromised in this matter? 
df Is a foreign or hostile intelligence service involved? 
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PREDICATION: 


In November 1991, a systems administrator for the Cray Supercomputer at the Numerical Aerodynamic 
Simulation (NAS) Facility at NASA Ames Research Center, advised that intrusions had been made into "front-end" 
computers supporting the Cray. The NAS is devoted to research on critical technologies, mainly in the area of 
high-mach 3D wind tunnel simulations. The hacker(s) gained entry via a Thinking Machines, Sun work station 
(tme.sun), inserted a trojan horse program, and began cracking passwords. As a result of this activity, NASA 
was forced to shut down the front-end computers at the NAS for a week, while systems were re-booted and 
re-loaded with clean system files. Additionally, all passwords on the system had to be changed. The total loss 
was estimated at between $57,000 and $500,000, depending on valuation of services expended. The lower figure 
represents in-house costs, while the latter reflects the value of corrective work based on a service contracted to 
an outside source. This constitutes a violation of 18 USC §1030, which the Northern District of California U.S. 
Attorney’s Office has agreed to consider for prosecution. 


INVESTIGATION 
This case is being investigated by the FBI and the NASA Inspector General’s Office (NASA/IG). 


A review of system logs and keystroking documentation supplied by Naval Research Laboratory (NRL) Virginia, 
has revealed a systematic series of attacks on NAS computers between October 1991 and December 1991, 
emanating from host sites in. and around Sydney Australia. The medium of attack has been intrusion and 
manipulation via the Internet (See chart of hacking activity attached hereto). The Internet is a vast networking 
system encompassing over 2,000 separate computer networks worldwide. Each sub-network within this structure 
supports an average of 30 computers, dedicated to all phases of scientific research. It is funded and maintained 
by the U.S. Government. As a network linking high-performance computers and leading edge Mle eS eae adic oe 
storage, and software development technologies, Internet is defined as a “core technology” within Quis id STL 


forth by the National Critical Technologies Panel, b7Cc 
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This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to 
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